When we talk about security controls we are talking about technical and operational steps and settings for preventing or minimizing attacks. The Center for Internet Security has listed 18 controls as critical. With them you can minimize the risk of data breaches and exfiltration, IP and ID theft, corporate espionage, privacy loss, and denial of service attacks, among other cybersecurity threats.
The CIS controls are pretty much how you do everything at a high level for cyber. They provide valuable defensive tools and mitigation steps. I’ve summed them up appropriately, I think:
Asset inventory – you have to know what you have in order to protect it, making note of vulnerabilities
Data Loss Prevention (DLP) – different types of software can perform this, but create a data loss prevention program at your business
Passwords on assets, software, and accounts – passwords should be complex and at least 12 characters
Access Control Lists (ACLs) – set your firewalls up correctly
Account management – including user access and privileges
Security Information and Event Management (SIEM) – provides real-time monitoring and analysis of app and network device alerts
Network infrastructure management – devices, Active Directory, domains
System patches and updates – irreplaceable basic steps
Software patches and updates – sometimes forgotten in light of the above
Safe browsing – limit browser extensions, block unwanted sites, don’t allow use of browser password management
No apps from unknown publishers – mostly those found in stores other than the Microsoft Store, the iTunes store, the Google Play store and other corporate stores
Anti-malware software – still essential, though not a comprehensive solution
Intrusion Detection Systems and Intrusion Prevention Systems – threat monitoring, detection and response devices
Supply chain management – changing vendor passwords, preventing back doors into your environment, making security agreements with vendors
Employee training – immensely valuable protection; 92% of attacks are due to phishing emails
Penetration testing – outsourced or in-house testing
You need a solution that can combine managed SIEM software with continuous monitoring.
You should also mitigate risk through modernization. If you can’t get the most recent systems and software, at least do updates and patches regularly.
Practice your response plan with drills and measure how long each one takes.
Always be promoting a culture of cybersecurity with your people!